Best Microsoft 70-294 Exam Questions for Free, Download the Latest 70-294 Dumps, Practice Test and Study Guide
Enjoy Free Microsoft 70-294 Exam Questions. Download the Best 70-294 Cheat-Test Sample Questions.
Version: 8.5 Release Date: May, 2012
Q: 1
You work as the IT Admin at ABC.com. The ABC.com network has a forest that operates at the
forest functional level of Windows Server 2003. The forest has a root domain named ABC.com,
and two child domains named north.ABC.com and south.ABC.com. Each domain has a security
group named Research which holds the user accounts for that domain.
Two domain controllers are situated in each of these domains. One domain controller in each
domain hosts a copy of the global catalog.
The global catalog server in the ABC.com domain holds the domain naming and the schema
master roles. The global catalog server in north.ABC.com and south.ABC.com holds the relative
ID (RID), infrastructure, and PDC emulator master roles.
A ABC.com user named Ally Wagner, in the south.ABC.com domain, was recently married. When
Ally Wagner got back, she asked you to change her surname in her user account. After changing
Ally Wagner’s user account to Ally Hamm, you notice that her user account is still incorrectly
specified as Ally Wagner in the Research group.
Which of the following master roles should you move to the domain controller that does not have
the Global Catalog in each domain?
A. The domain naming master role.
B. The infrastructure master role.
C. The RID master role.
D. The schema master role.
E. The PDC emulator master role.
Answer: B
Explanation: Problems like this can occur when the Infrastructure master role is on the same
domain controller as the Global Catalog. The infrastructure master updates the group-to-user
reference whenever group memberships change and replicates these changes across the domain.
The infrastructure master compares its data with that of a global catalog. Global catalogs receive
regular updates for objects in all domains through replication, so the global catalog data will
always be up to date. If the infrastructure master finds that its data is out of date, it requests the
updated data from a global catalog. The infrastructure master then replicates that updated data to
the other domain controllers in the domain.
Unless there is only one domain controller in the domain, the infrastructure master role should not
be assigned to the domain controller that is hosting the global catalog. If the infrastructure master
and global catalog are on the same domain controller, the infrastructure master will not function.
The infrastructure master will never find data that is out of date, so it will never replicate any
changes to the other domain controllers in the domain. Transferring the Infrastructure master role
to a different computer would resolve this problem. There is no reason to transfer any other master
roles.
Reference:
Michael Cross, Jeffery A. Martin, Todd A. Walls, Martin Grasdal, Debra Littlejohn Shinder & Dr.
Thomas W. Shinder, MCSE: Exam 70-294: Planning, Implementing, and Maintaining a Windows
Server 2003 Active Directory Infrastructure Study Guide & DVD Training System, Syngress
Publishing, Rockland, MA, 2003, pp. 505-509.
Q: 2 DRAG DROP
You work as the IT Network Admin at xxyyinc.com. The xxyyinc.com network has a forest with
two child domains named us.xxyyinc.com and uk.xxyyinc.com. All servers and domain controllers
on the xxyyinc.com network have Windows 2000 Server installed.
You have been given the task to uABCrade the domain controllers in uk.xxyyinc.com to
Windows Server 2003. You therefore need to take the appropriate steps that are required to
prepare the forest for the impending deployment.
Which of the following actions should you take?
Answer by selecting the appropriate steps from the column on the left and place it in the correct
order in the column on the left.
Answer:
Q: 3
You work as the IT Admin at ABC.com. The ABC.com network has a domain named ABC.com.
ABC.com has offices in London and Berlin, which are configured as separate sites.
A Backup of ABC.com’s Ntds.dit file is performed outside of business hours, seven days a week.
The domain has an OU named Research that currently holds no Active Directory objects. During
the course of the business day an administrator in Berlin removes the Research OU, while an
administrator in London simultaneously places existing Active Directory objects in it. The London
administrator is later informed of the removal, and now realizes that the objects that were placed
into the Research OU are missing.
The CIO has subsequently instructed you to make sure that a Research OU and the missing
Active Directory objects are available to the London administrator. The CIO also informs you that
your solution should have no impact on network connectivity and resources. You have already
created a new OU, and named it Research.
Which of the following actions should you take NEXT?
A. You should transfer the objects from the LostAndFound container to the new Research OU
B. You should recreate the objects and then place the replicas in a Domain Group Policy that
should be linked to all OUs.
C. You should restore the objects to the new Research OU nonauthoritatively.
D. You should restore the objects to the new Research OU authoritatively.
Answer: A
Explanation: You moved the objects to an OU that had just been deleted. When you move
objects to an object that is no longer there, the objects get moved to the LostAndFound container.
This means that we haven’t lost the objects, so we can just re-create the Research OU and move
the users from the LostAndFound container to the new OU.
Reference:
Michael Cross, Jeffery A. Martin, Todd A. Walls, Martin Grasdal, Debra Littlejohn Shinder & Dr.
Thomas W. Shinder, MCSE: Exam 70-294: Planning, Implementing, and Maintaining a Windows
Server 2003 Active Directory Infrastructure Study Guide & DVD Training System, Syngress
Publishing, Rockland, MA, 2003, pp. 38-39, 99-101
Q: 4
You work as a IT Admin at ABC.com. ABC.com has its headquarters located in Dallas and branch
division in Miami. The Dallas and Miami division represent separate sites. The Dallas and Miami
divisions are linked to each other via a WAN link.
You have added a domain controller named ABC-SR01 to the Miami division and configured it as
a global catalog server. You have just completed configuring the site link between the Dallas and
Miami divisions.
The CIO at ABC.com has instructed you to make sure that Miami workstations authenticate to the
network via ABC-SR01. The CIO also informs you that the replication of domain changes has to
happen instantaneously.
Which of the following actions should you take?
A. You should reduce the site link interval.
B. You should reduce the site link cost.
C. You should combine the Dallas and Miami sites into a single site
D. You should increase the site link cost.
Answer: A
Q: 5
You work as the IT Admin at ABC.com. The ABC.com network has a domain named ABC.com. All
servers on the ABC.com network have Windows Server 2003 installed and all workstations have
Windows XP Professional installed.
ABC.com is made up of four divisions named Sales, Marketing, Finance and Research. The
ABC.com network has an organizational unit (OU) named after each division that holds the user
accounts of all employees working in that specific division.
You need to install a new application for all employees in the Marketing division. You start by
creating an installation package and a Group Policy object (GPO). You plan to make use of the
new GPO to deploy the package to the workstations in the Marketing division. You therefore
connect the GPO to the Marketing OU. However, the application does not install.
The CIO informs you that the application must be installed and that you should make sure that
marketing application is not installed on workstations in the other ABC.com divisions.
How will you accomplish the task?
A. Advise the Marketing users to reboot their workstations.
B. Edit the GPO and assign the application to user accounts with Marketing OU membership.
C. Connect the GPO to the ABC.com domain.
D. Connect the GPO to the OU that contains computer accounts and not the Marketing OU.
Answer: B
Explanation: It is likely that the application was assigned to the computer accounts, rather than
the user accounts.
Reference:
Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70-294);
Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory
Infrastructure, Microsoft Press, Redmond, Washington, 2004, pp. 12-3 to 12-10, 12-13 to 12-28,
12-34 to 12-39
Q: 6
You work as the network administrator at ABC.com. The ABC.com network has a domain named
ABC.com. All servers on the ABC.com network have Windows Server 2003 installed and all
workstations have Windows XP Professional installed.
ABC.com has its headquarters in Chicago and a branch office in Dallas. Each office is configured
as an Active Directory site, and the branch office is connected to the Chicago headquarters by a
T1 connection. The Chicago headquarters contains two domain controllers named ABC-DC01 and
ABC-DC02. The Dallas branch office also contains two domain controllers named ABC-DC03 and
ABC-DC04.
You plan to install a new server named ABC-DC05 in the Chicago office and a new server named
ABC-DC06 in the Dallas branch office. ABC-DC05 and ABC-DC06 have much better hardware
resources than the other domain controllers.
Management wants the servers that have the best hardware resources to deal with Active
Directory replication in each site.
Which of the following actions should you take?
A. Your best option would be to set ABC-DC02 and ABC-DC04 up as the preferred bridgehead
servers.
B. Your best option would be to set ABC-DC05 and ABC-DC06 up as the preferred bridgehead
servers in the domain.
C. Your best option would be to set ABC-DC05 and ABC-DC06 up as the preferred bridgehead
servers for RPC traffic.
D. Your best option would be to run the DCPROMO command on ABC-DC05 and ABC-DC06.
Answer: B
Explanation: Directory information is replicated both within and among sites. Active Directory
replicates information within a site more frequently than across sites. This balances the need for
up-to-date directory information with the limitations imposed by available network bandwidth.
You customize how Active Directory replicates information by using site links to specify how your
sites are connected. Active Directory uses the information about how sites are connected to
generate Connection objects that provide efficient replication and fault tolerance. Active Directory
uses this information to determine which site link will be used to replicate information. Customizing
replication schedules so replication occurs during specific times, such as when network traffic is
low, will make replication more efficient.
You can further control replication behavior by specifying a bridgehead server for inter-site
replicated information. The bridgehead server is a specific server you want to dedicate for intersite
replication, rather than using any server available. You can also establish a bridgehead server
when your deployment uses proxy servers, such as for sending and receiving information through
a firewall.
Reference:
Michael Cross, Jeffery A. Martin, Todd A. Walls, Martin Grasdal, Debra Littlejohn Shinder & Dr.
Thomas W. Shinder, MCSE: Exam 70-294: Planning, Implementing, and Maintaining a Windows
Server 2003 Active Directory Infrastructure Study Guide & DVD Training System, Syngress
Publishing, Rockland, MA, 2003, Chapter 6, pp. 453-455
MS Windows Server 2003 Deployment Kit - Designing and Deploying Directory and Security
Services - Active Directory Replication Concepts
Q: 7
You work as the IT Admin at ABC.com. The ABC.com network has a domain named ABC.com
with all servers installed with Windows Server 2003 and all workstations with Windows XP
Professional. All the workstations’ computer accounts are placed in an organizational unit (OU)
named ClientComputers.
A new ABC.com security policy requires that users must be assigned local Power Users group
membership and not local Administrators group membership on all workstations on the network.
This means that the security policy does not allow users to have administrative rights to domain
controllers and member servers. In addition to this, it does not allow Power Users group
membership to be modified in any way by members of the local Administrators group on
workstations.
You must implement a solution to comply with the requirements of the written security policy with
group membership assignment occurring automatically.
Which of the following actions should you take?
A. Write a logon script that makes the Domain Users group a member of the local Power Users
group and link the logon script to the ClientComputers OU.
B. Set up a Group Policy object (GPO) that makes the Domain Users group a member of the local
Power Users group and link the GPO to the ClientComputers OU.
C. Set up a Group Policy Object (GPO) that makes all users members of the Default Domain
Administrators group.
D. Make the written security policy the Default Domain Policy.
Answer: C
Explanation: We need to move all users to the Power users group. We can do this by using the
Restricted Groups option of a GPO to add the Domain Users group to the Power Users group.
Restricted Groups ensures that group memberships are set as specified. Groups and users not
specified in Restricted Groups are removed from the group. In addition, the reverse membership
configuration option ensures that each restricted group is a member of only those groups specified
in the Member Of column. This GPO must be linked to all client computers as users must not have
any administrative rights to member servers or domain controllers in the domain. The client
computers are in the ClientComputersOU.
Reference:
Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70-294);
Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory
Infrastructure, Microsoft Press, Redmond, Washington, 2004, pp. 10-40 to 10-41, 13-6 to 13-7
Q: 8
You work as the IT Admin at ABC.com. The ABC.com network has a domain named ABC.com. All
servers on the ABC.com network have Windows Server 2003 installed. ABC.com makes use of
Group Policy objects (GPOs) to deploy applications to workstations.
ABC.com employees in the Data Processing division can decide between two applications to view
information based on the specific data formats and features they want. You must create a GPO to
deploy either application depending on the selection made by the employee.
Which of the following is an action that you should take to achieve the above goals?
A. Configure the GPO to assign each of the applications to the workstations.
B. Configure the GPO to publish each of the applications without using file extension activation.
C. Create a transformation package to install each application on demand.
D. Configure two GPOs that each assigns an application.
Answer: B
Explanation: You can publish applications to users, making the application available for users to
install. To install a published application, users can use Add or Remove Programs in Control
Panel, which includes a list of all published applications that are available for them to install.
Q: 9
You work as the IT Admin at ABC.com. The ABC.com network has a forest with a domain named
ABC.com and two child domain named us.ABC.com and uk.ABC.com. All servers in the forest
have Windows Server 2003 installed and the functional level of the forest is set at Windows Server
2003.
All domains have Web servers and database servers that have computer accounts in the default
Computers container in their specific domains. ABC.com wants the IT division, which is located at
a central site, to administer the Web server computer accounts throughout the forest. Furthermore,
the IT divisions in each domain must only administer the computer accounts of the database
servers in their respective domains.
You must delegate authority to the various IT divisions so that they can design a solution to meet
the requirements. You start this task by designing the organizational unit (OU) solution that
supports the requirements for the delegation of authority.
Which of the following actions should you take? (Choose two)
A. Configure a top-level OU for all Web server computer accounts under the ABC.com domain.
B. Configure a top-level OU for all database server computer accounts under the ABC.com
domain.
C. Configure a top-level OU for all Web server computer accounts under each domain.
D. Configure a top-level OU for all database server computer accounts under each domain.
Answer: C,D
Explanation: The central operations department is responsible for administering the Web server
computer accounts in all domains and there is a separate operations department for each domain
that is responsible for administering the database server computer accounts in that domain.
Therefore, we need two top-level OUs.
Reference:
Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70-294);
Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory
Infrastructure, Microsoft Press, Redmond, Washington, 2004, pp. 6-3 to 6-9, 6-16 to 6-23
Q: 10
You work as the network administrator at ABC.com. The ABC.com network has a domain named
ABC.com.
ABC.com is made up of four divisions named Sales, Marketing, Finance and Research. The
ABC.com network has an organizational unit (OU) named after each division that holds the user
accounts of all employees working in that specific division.
The workstations used by the Sales employees are contained in an organizational unit (OU)
named SalesComputers. The SalesComputers OU belongs to the Sales OU.
You have recently deployed a new installation package for the application to all user accounts in
the Sales OU. You have also generated a Group Policy object (GPO) that will deploy the
installation package. You have to make sure that when an employee is shifted to another division,
the application is uninstalled from that specific user’s workstation.
When Mia Hamm is shifted from the Sales division to the Finance division a month later, you
remove Mia Hamm from the Sales OU and include her in the Finance OU. The next morning you
discover that Mia Hamm's workstation is still running the Sales applications although she was
removed from the Sales OU.
Which of the following actions should you take? (Choose all that apply.)
A. Restore Mia Hamm's membership to the Sales OU.
B. Edit the GPO to ensure that the software installation package is removed.
C. Set up the software installation package to ensure automatic software uninstallation when Mia
Hamm’s user account is no longer a part of Sales OU.
D. Remove the client computer object for Mia Hamm’s computer from the SalesComputers OU.
E. Verify that Mia Hamm can log on to the ABC.com domain.
F. Remove Mia Hamm from the Sales global group.
G. Move Mia Hamm’s user account to the Finance OU again.
Answer: A,C,E,G
Explanation: The Uninstall The Applications When They Fall Out Of The Scope Of Management
option can be used to remove the application if it no longer applies to users or computers.
However, the application must first apply to the user or computer. Therefore we should move Mia’s
user account back into the Sales OU so that the application applies to her again and Mia must log
on to the network for the GPO to apply. Then we can move Mia’s user account back into the
Finance OU. The application will no longer apply to Mia and will be uninstalled.
Reference:
Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70-294);
Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory
Infrastructure, Microsoft Press, Redmond, Washington, 2004, pp. 12-3 to 12-10, 12-16 to 12-20
Q: 11
You work as the IT Admin at ABC.com. The ABC.com network has a forest that contains multiple
domains. ABC.com has headquarters in London and branch offices in Paris, Berlin, Milan, Madrid,
Stockholm, Warsaw, Minsk, and Athens. All domain controllers on the ABC.com network have
Windows 2000 Server installed and each domain contains user objects for six ABC.com branch
offices.
The administrators in the Paris and Berlin branch offices provide help desk support to users in all
ABC.com’s domains. The customer support administrators mostly deal with requests to change
group membership.
One morning, the customer support administrators complain that group membership changes are
frequently lost, with the result that they have to recreate quite a large number of group
membership changes. You investigate the issue and suspect that it is being triggered by
replication conflicts that take place when numerous requests are happening at the same time. In
an attempt to resolve the issue, you perform uABCradation of all domain controllers to Windows
Server 2003 but the problem is still not solved.
How can you decrease the volume of lost group membership changes?
A. Check whether the RID master operations role has malfunctioned.
B. Set the functional level of both the domain and the forest to Windows Server 2003.
C. Reduce the cost of the site links.
D. Check whether the Domain naming master operations role has malfunctioned.
Answer: B
Explanation: The question states that the problem is caused by replication conflicts that occur
when a large number of help desk requests are being processed in a short period of time.
Therefore, the solution is to reduce the amount of replication traffic. In a Windows 2000 domain,
when the membership of a group is changed, the entire group membership list is replicated. This
can cause excessive replication traffic with changes to large groups or large numbers of groups. In
a Windows Server 2003 functional level domain and forest, only the changes to a group are
replicated, thus reducing the amount of replication. Therefore, the answer to this question is to
raise the functional level of the domain and of the forest to Windows Server 2003.
Reference:
Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70-294);
Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory
Infrastructure, Microsoft Press, Redmond, Washington, 2004, p. 4-26.
Q: 12
You work as a network administrator at ABC.com. The ABC.com network has a domain named
ABC.com, which contains several print and file servers.
ABC.com is made up of several departments that have organizational units (OU) named named
after them. These OU’s contain the computer accounts for their respective departments. Each
department has two print and file servers.
ABC.com wants you to make use of Group Policy Objects (GPOs) to deploy computer
configurations for the print and file servers.
ABC.com would like the subsequent settings to be applied:
• All print and file servers must have certain configurations applied to them.
• The Sales servers should have certain configurations applied only to them.
• The Marketing servers should have certain configurations, which should take precedence,
applied only to them.
You have thus been instructed to design an organizational unit (OU) solution that meets these
requirements. You also have to use the least number of GPOs with one link each, whilst using the
default security permissions for GPO links.
Which of the following actions should you take?
A. You should set up two child OUs named ABCPrintServers and ABCFileServers in the
ABCServers OU.
B. You should set up a top-level OU named ABCServers at the domain level.
C. You should set up two child OUs named SalesServers and MarketingServers in the
ABCPrintServers and ABCFileServers OUs respectively.
D. You should set up two top-level OUs named SalesServers and MarketingServers at the domain
level.
E. You should set up two child OUs named ABCPrintServers and ABCFileServers in both the
SalesServers and MarketingServers OUs.
F. You should set up two child OUs named SalesServers and MarketingServers in the
ABCServers OU.
G. You should set up two top-level OUs named ABCPrintServers and ABCFileServers at the
domain level.
H. You should set up two child OUs named SalesServers and MarketingServers in the
ABCPrintServers and ABCFileServers OUs.
I. You should set up two child OUs named ABCPrintServers and ABCFileServers in the
SalesServers and MarketingServers OUs.
Answer: B,F,I
Q: 13
You work as the IT Admin at ABC.com. The ABC.com network has a domain named ABC.com. All
servers on the ABC.com network have Windows Server 2003 installed and all workstations have
Windows XP Professional installed.
You are in the process of configuring a recently created Group Policy object (GPO) to publish an
.msi file that will install a new finance application.
ABC.com users who are using the outdated application must have the choice to either continue
using the outdated application or switching to the new application. However, both applications
cannot be installed on the same workstation simultaneously.
Which of the following actions should you take meet these requirements?
A. By setting up a transformation package to uABCrade the application on demand. Configure a
GPO to assign the transformation package.
B. By setting up a transformation package to uABCrade the application on demand. Configure a
GPO to publish the transformation package.
C. By creating a GPO that can be used to assign the new application and configuring it to
uABCrade and replace the current finance application.
D. By creating a GPO that can be used to publish the new application and configuring it to
uABCrade and replace the current financeapplication.
Answer: D
Q: 14
You work as the IT Admin at ABC.com. The ABC.com network has a domain named ABC.com. All
servers on the ABC.com network have Windows Server 2003 installed and all workstations have
Windows XP Professional installed.
The ABC.com network currently makes use of a domain controller named ABC-DC01.
When ABC-DC01 goes offline due to a faulty hard disk, you reboot it in Directory Services Restore
Mode and enter your usual user name and password when prompted to log on. However, you are
presented with a message informing you that your logon attempt was not successful.
Which of the following actions should you take to log onto ABC-DC01?
A. You should make use of administrator as your user name and the password that you used to
set up Active Directory.
B. You should make use of your usual user name and the password that you used to set up Active
Directory.
C. You should make use of your usual user name and the password for the local administrator
account.
D. You should arrange the hard disks in a mirror array.
Answer: A
Explanation: Because you must always log on to a Windows Server 2003 computer before you
can use the operating system, a small version of a local directory service database (called a SAM
database) remains on the computer after it has been promoted to a DC. This database has a
single account, the local administrator account. Therefore you need to use administrator as the
user name and enter the password that was supplied during the Active Directory installation to be
able to complete the restoration.
Reference:
Michael Cross, Jeffery A. Martin, Todd A. Walls, Martin Grasdal, Debra Littlejohn Shinder & Dr.
Thomas W. Shinder, MCSE: Exam 70-294: Planning, Implementing, and Maintaining a Windows
Server 2003 Active Directory Infrastructure Study Guide & DVD Training System, Syngress
Publishing, Rockland, MA, 2003, Chapter 11, pp. 720, 731-741
Q: 15
You work as the network administrator at ABC.com. The ABC.com network has a domain named
ABC.com. All servers on the ABC.com network have Windows Server 2003 installed and all
workstations have Windows XP Professional installed.
Only IT users are configured as local administrators on the workstations. A new accounting
application package is stored in an .msi file, which is stored in a shared folder named ABCData on
a server. The Allow - Read permission for ABCData has been granted to the Authenticated Users
group. You inform the users that they have open the .msi file in the ABCData folder in order to
install the new accounting package.
Soon afterward you receive reports from various users saying that they are presented with an
error message when they try to install the application.
Which of the following actions should you take to make sure of a successful application
installation? (Choose all that apply.)
A. You should change the Default Domain Policy Group Policy Object (GPO).
B. You should publish the accounting application to all user workstations.
C. You should assign the accounting application to all user workstations.
D. You should assign users the necessary permissions for generating temporary files in the
ABCData folder.
Answer: A,C
Q: 16
You work as the network administrator at ABC.com. The ABC.com network has a domain named
ABC.com. All servers on the ABC.com network have Windows Server 2003 installed and all
workstations have Windows XP Professional installed.
ABC.com has its headquarters in Atlanta and a branch office in Miami. The two offices are
configured a separate sites that belong to the ABC.com domain. ABC.com has domain controllers
located in the Atlanta and Miami sites. However, the operations master roles are located at the
Atlanta site.The two sites are connected via a dedicated WAN link, as well as a site link that is
used for replication outside of business hours.
You must configure separate GPOs that can be used to administer configurations of computers in
the respective sites. You want the GPOs to be generated and applied in the correct site as soon
as possible.
Which of the following actions should you take?
A. The Atlanta and Miami sites should be connected using a remote procedure call (RPC)
connection object.
B. Configure a global catalog in each site.
C. Check whether the Infrastructure master role has malfunctioned.
D. Access the Group Policy and Active Directory consoles and configure it to access a domain
controller in the site in which you should apply the GPO.
Answer: D
Explanation: Creating the GPO on a domain controller in a particular site will apply the GPO
much quicker than if the GPO were created on a domain controller in a different site across a site
link. This is because no replication will need to occur for the settings to take effect.
Reference:
Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70-294);
Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory
Infrastructure, Microsoft Press, Redmond, Washington, 2004, pp. 10-31 to 10-48
Q: 17
You work as the network administrator at ABC.com. ABC.com has its headquarters in Chicago
and a branch office in Dallas. The headquarters and branch office are configured as Active
Directory sites in the ABC.com domain. All servers on the ABC.com network have Windows
Server 2003 installed and all workstations have Windows XP Professional installed.
A 128Kbps WAN connection links the branch office to ABC.com’s headquarters. Both the
headquarters and branch office have two domain controllers. ABC-DC01 and ABC-DC02 are
located at the headquarters, and ABC-DC03 and ABC-DC04 are located at the branch office.
ABC-DC01 is configured as an Active Directory-integrated DNS server and as a global catalog
server.
A ABC.com employee named Dean Austin works in the Dallas branch office. One morning Dean
complains that logging on to the network takes an exceptionally long time.
Which of the following actions should you take to reduce the logon time in the Dallas branch
office?
A. Promote a server in the Dallas branch office to be an extra domain controller.
B. Use the Active Directory Sites and Services console to enable universal group membership
caching for ABC-DC03.
C. Use the Active Directory Sites and Services console to move ABC-DC02 to the branch office
site.
D. Decrease the replication interval’s value at the site link between Chicago headquarters and the
Dallas branch office.
E. Increase the site link cost between the sites.
Answer: B
Explanation: It takes a long time to log on in the branch office because the branch office domain
controller needs to contact the global catalog server (ABC-DC01) over a slow WAN link. A global
catalog server is a domain controller that stores information about all objects in the forest, but not
their attributes, so that applications can search Active Directory without referring to specific
domain controllers that store the requested data.
We can improve the logon times for the branch office users by enabling universal group
membership caching on a branch office domain controller. Universal group membership caching
allows the domain controller to cache universal group membership information for users. This
eliminates the need for a global catalog server at every site in a domain, which minimizes network
bandwidth usage because a domain controller does not need to replicate all of the objects located
in the forest. It also reduces logon times because the authenticating domain controllers do not
always need to access a global catalog to obtain universal group membership information.
Reference:
Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70-294);
Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory
Infrastructure, Microsoft Press, Redmond, Washington, 2004, pp. 1-17 to 1-18, 5-41 to 5-45, 5-48
to 5-50.
Michael Cross, Jeffery A. Martin, Todd A. Walls, Martin Grasdal, Debra Littlejohn Shinder & Dr.
Thomas W. Shinder, MCSE: Exam 70-294: Planning, Implementing, and Maintaining a Windows
Server 2003 Active Directory Infrastructure Study Guide & DVD Training System, Syngress
Publishing, Rockland, MA, 2003, pp. 31, 543, 547, 550-552.
Q: 18
You work as the IT Admin at ABC.com. The ABC.com network has a domain named ABC.com. All
servers on the ABC.com network have Windows Server 2003 installed and all workstations have
Windows XP Professional installed. All workstations in the ABC.com domain are contained in an
organizational unit (OU) named ABC_Computers and all users have user accounts in an OU
named ABC_Users.
ABC.com is made up of four divisions named Sales, Marketing, Finance and Research.You have
received instruction from the CIO to make an application available to senior employees in the
Finance division. The senior employees will need to access the application irrespective of the
workstation they use. The the Finance division employees will receive an e-mail message
containing a hyperlink to the new application.
When updates for the new application becomes available, you decide to make use of a Group
Policy Object (GPO) to deploy the update to the workstations that are running the application.
Which combination of the following options would you use? (Choose Two)
A. By seting up a new GPO and configure it to deploy the update with the aid of a WMI filter.
B. By seting up a new GPO and configure it to require the update to be deployed.
C. By setting up a new Default Domain Policy that is configured to deploy the update to all
computers.
D. By setting up a new GPO and configure it to enable automatic updates and to deploy the
update.
E. By linking the GPO to the ABC_Computers OU.
F. By linking the GPO to the domain.
Answer: B,E
Explanation: Configuring a GPO that requires the installation of the software update and linking
that GPO to the ABC_Computers OU will install the update only on workstations on which the
application is installed. If the application is not installed, the update will not be installed.
Reference:
Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70-294);
Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory
Infrastructure, Microsoft Press, Redmond, Washington, 2004, pp. 10-20 to 10-21, 11-6, 12-3 to 12-
10, 12-13 to 12-28, 12-34 to 12-39
Q: 19
The ABC.com network has domain named ABC.com. The ABC.com network consists of seven
servers that have Windows Server 2003 installed. Five of the servers are configured as domain
controllers, of which two are functional as DNS servers named ABC-SR01 and ABC-SR02.
You are preparing to add a child domain named north.ABC.com. Thereafter, you join a Windows
Server 2003 server named ABC-SR03 to the domain.
A short time later you are informed that the first domain controller in the domain has gone offline.
The CIO instructs you to carry on adding the new child domain and promoting ABC-SR03 to a
domain controller in the north.ABC.com domain.
As you try to execute the dcpromo command on ABC-SR03, you are presented with an error
message stating that the operation has failed as a result of Active Directory not being able to
contact the domain naming master.
Which of the following actions should you take? (Choose all that apply)
A. Access the DNS client settings on ABC-SR03 and configure it to make use of the DNS server
that is cached for the domain.
B. Set up a ABC.com domain controller to have all operations master roles.
C. Set up an existing domain controller to have a copy of the global catalog.
D. Set up an existing domain controller to enable universal caching.
Answer: B
Explanation: The first domain controller installed in the forest will by default, have the domain
naming master operations master role. The question states that the first domain controller installed
fails due to a hardware failure. This means that the forest has no domain naming master. A
domain naming master is required to create additional domains in the forest. To add another
domain, we need to configure one of the other ABC.com domain controllers to hold at least the
domain naming master role (or as the answer states, all of the operations master roles).
Reference:
Michael Cross, Jeffery A. Martin, Todd A. Walls, Martin Grasdal, Debra Littlejohn Shinder & Dr.
Thomas W. Shinder, MCSE: Exam 70-294: Planning, Implementing, and Maintaining a Windows
Server 2003 Active Directory Infrastructure Study Guide & DVD Training System, Syngress
Publishing, Rockland, MA, 2003, pp. 501-508.
Q: 20
The ABC.com network has a domain named ABC.com. Sites have been configured for ABC.com’s
Research Division, Sales Division and Finance Division. There are currently seven domain
controllers across all the sites. All servers and domain controllers on the ABC.com network have
Windows Server 2003 installed and all workstations have Windows XP Professional installed.
Since ABC.com is a growing company, there are plans to add a Marketing section in one of the
divisions. To this end you create new computer and user objects for the division to which the
Marketing section will be added. These objects are to be created in the existing organizational
units (OUs). You therefore start to create the objects on a domain controller named ABC-DC03.
However, halfway through the process the operation fails and you are therefore unable to create
the remainder of the objects.
You then investigate the problem and discover that a WAN link to one of the divisions is
unavailable. The division in question has only one domain controller, which is configured to host a
single operations master role.
Which of the following is the role hosted by this domain controller?
A. The PDC emulator role.
B. The Domain naming master role.
C. The Relative ID (RID) master role.
D. The Infrastructure master role.
E. The Schema master role.
Answer: C
Explanation: The RID master role is responsible for allocating blocks of RIDs to domain
controllers in the domain. Whenever new objects are created, a unique security identifier (SID) is
assigned by the domain controller to the object. When the domain controller providing the RIDs
runs out of available RIDs, it will attempt to contact the RID master to request another block of
RIDs. If the RID master is not available, you cannot create new objects. This is exactly what the
case is in this scenario.
Q: 21
The ABC.com network has a domain named ABC.com. The network is configured in such a way
that all user, group, and computer objects are stored in their default Active Directory containers.
In the Research division there are two administrators named Dean Austin and Clive Wilson.
Currently Dean Austin creates, deletes, and manages user objects for the Research division, while
Clive Wilson manages the memberships for the global group objects associated with the Research
division. Dean Austin and Clive Wilson have requested that they be given responsibility for only
the objects that they are accountable for.
You, therefore, want to define the organizational unit (OU) structure accordingly, with the least
amount of administrative effort.
Which of the following actions should you take? (Choose three.)
A. Create an OU named ResearchOU, and then create two child objects named ResearchUsers
and ResearchGroups and move the appropriate objects to each container.
B. Create an OU named ResearchOU and move the appropriate user and group objects to the
container.
C. Deny Dean Austin the right to modify group memberships on the ResearchOU.
D. Allow Dean Austin the right to manage user objects on the ResearchOU.
E. Allow Dean Austin the right to manage all objects on the ResearchUsers OU.
F. Deny Dean Austin the right to manage group memberships for objects in the ResearchGroups
OU.
G. Deny Clive Wilson the right to manage user objects on the ResearchOU.
H. Allow Clive Wilson the right to modify group memberships on the ResearchOU.
I. Allow Clive Wilson the right to manage all objects in the ResearchGroups OU.
J. Deny Clive Wilson the right to manage user objects in the ResearchUsers OU.
Answer: B,D,H
Explanation: You want to assign Dean Austin the right to manage user objects in the Research
department and Clive Wilson the right to modify group memberships in the Research department.
It is further mentioned in the question that neither of the two wants to be assigned permissions
beyond their duties. You can place all user and group objects in a single OU and then delegate
granular control of the OU to each of these two, using the Delegation of Control Wizard. Dean
Austin should then be granted the ability to add, delete, and manage users, while Clive Wilson
should be granted the ability to grant and rescind group memberships in the OU. Making use of
the Delegation of Control Wizard feature of granularity, you achieve you goal with the least amount
of administrative effort since you will only be creating a single OU.
Q: 22
The ABC.com network has a domain named ABC.com. ABC.com has its headquaters in Chicago
and a branch office in Dallas. The Chicago and Dallas offices are configured as separate sites.
The Chicago site has two servers named ABC-SR01 and ABC-SR02. The Dallas site has two
servers named ABC-SR03 and ABC-SR04.
Multiple domain controllers are located in Chicago and one domain controller, named ABC-DC05,
is located in Dallas. All domain controllers have the same hardware configuration and are
configured to have back ups made on a daily basis.
A few days after creating new user objects on ABC-DC05, you discover that it has gone offline due
to faulty hardware. To resolve the issue, you install a new hard disk on ABC-DC05, and then use
the most recent available backup to restore ABC-DC05. You then find that the new user objects
which you have created on ABC-DC05 have disappeared. You must now manually recreate each
lost user object.
How can ensure in the event of hard disk failures on any of the servers. Active Directory data loss
is kept to a minimum?
A. Promote one of the servers in the Dallas site to a domain controller.
B. Transfer the Active Directory log files to an external hard disk in each of the domain controllers.
C. Promote all servers in the domain to domain controllers.
D. Connect the Chicago and Dallas sites using a new site link.
Answer: A
Explanation: To ensure redundancy in the Dallas site in the event of a failure to the domain
controller, we should add another domain controller to the site. We could do this by promoting one
of the servers in the Dallas site to a domain controller.
Reference:
Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70-294);
Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory
Infrastructure, Microsoft Press, Redmond, Washington, 2004, pp. 2-19 to 2-26
Q: 23
You have recently been hired by ABC.com as IT Admin. You will be responsible for administering
a single Active Directory forest that houses twenty two domains. ABC.com has all of their forest
domains forming part of one Microsoft Exchange 2000 Server organization. ABC.com has
configured twelve of the forest domains to house servers running Windows Server 2003 with the
functional level of all ABC.com domains set to Windows 2000 native.
You must set up a solution whereby you create groups that will only be used to send e-mails to all
ABC.com user accounts that will make use of as little replication traffic as possible, and that it
must also reduce the volume of the Active Directory database.
Which combination of the following actions should you take? (Choose all that apply)
A. By setting up global distribution groups in every domain.
B. By setting up universal security groups.
C. By setting up global security groups in every domain.
D. By adding the required users from each domain as global distribution group members in the
same domain.
E. By adding the required users in the same domain as members of the security group in the same
domain.
F. By setting up universal distribution groups.
G. By adding the required users from each domain as universal distribution group members.
H. By adding the required users from each domain as universal security group members.
I. By adding the global security group members in every domain as universal security group
members.
J. By adding the global distribution groups in every domain as universal distribution group
members.
Answer: A,D,F,J
Explanation: We can minimize replication traffic by placing the users into Global groups, and then
place the Global groups into Universal groups. In Active Directory, a Universal group lists all its
members. If the Universal group contained user accounts, and a user account was added or
removed, then the Universal group information would be replicated throughout the forest. This is
why placing user accounts directly into Universal groups are not recommended. In addition, we
need to use Distribution groups for email groups.
Reference:
Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70-294);
Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory
Infrastructure, Microsoft Press, Redmond, Washington, 2004, p. 8: 4
Schema classes and attributes, MS workshop 2209
Q: 24
You work as the network administrator at ABC.com. The ABC.com network has a domain named
ABC.com. ABC.com has its headquarters in Chicago and a branch division in Dallas and each
configured as a separate site with two domain controllers each. All servers on the ABC.com
network have Windows Server 2003 installed and all workstations have Windows XP Professional
installed.
A new ABC.com written security policy dictates a warning message should be displayed on the
monitors of all client computers prior to any user logging on.
You must modify the warning message. You access a GPO linked to the ABC.com domain to
make the modifications.
During the course of the business day you discover that the warning is displayed to network users
in the Chicago division but not by network users in the Dallas division.
What option should you select for warning message appears uniformly throughout the network?
A. Make use of Replication Monitor to effect immediate replication between the Chicago and
Dallas sites.
B. You should check whether the infrastructure master role has malfunctioned.
C. You should check whether the computer accounts in the Chicago site have the correct
permissions.
D. Run the repadmin command on a domain controller in the Dallas site.
Answer: A
Explanation: It looks like the GPO settings have not been replicated to the Chicago office as they
are still receiving the old notice. We can manually force replication between the two sites to ensure
that the Dallas office receives the new GPO settings.
Reference:
Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70-294);
Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory
Infrastructure, Microsoft Press, Redmond, Washington, 2004, pp. 1-21 to 1-24, 5-3 to 5-9, 5-25 to
5-37
Q: 25
You have recently been hired by ABC.com as a network administrator. The ABC.com network has
a domain named ABC.com. All servers on the ABC.com network have Windows Server 2003
installed and all workstations have Windows XP Professional installed. The ABC.com domain has
Windows Server 2003 print servers that have printer objects.
You must only assign the ABCSupport group the permissions that they require to manage the
printers, print queues and printer objects in Active Directory.
How can you achieve the above goal?
A. Access the Built-in container, and add the ABCSupport group to the Server Operators group.
B. Access the Built-in container, and add the ABCSupport group to the HelpServicesGroup.
C. Log on to the print servers, and add the ABCSupport group to the Print Operators group.
D. Log on to the print servers, and add the ABCSupport group to the Power Users group.
E. Access the Built-in container, and add the ABCSupport group to the Print Operators group.
Answer: E
Explanation: The built-in Print Operators group is responsible for managing only the printers and
print queues in the domain. We should therefore add the PrinterDocs group to the Print Operators
group.
Reference:
Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70-294);
Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory
Infrastructure, Microsoft Press, Redmond, Washington, 2004, pp. 8: 4-11
http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/enus/
Default.asp?url=/resources/documentation/windowsserv/2003/standard/proddocs/enus/
sag_printconcepts_12.asp
Q: 26
The ABC.com network has a domain named ABC.com. All servers on the ABC.com network have
Windows Server 2003 installed. Half the workstations have Windows XP Professional installed,
and the rest have either Windows 2000 Professional or Windows NT Workstation 4.0 installed. All
computer accounts reside in an organizational unit (OU) named Workstations, while all user
accounts reside in an OU named Users.
ABC.com’s updated security policy stipulates that a warning message has to be displayed at log
on for all ABC.com users.
Which combination of the following actions must you perform to adhere to the updated security
policy? (Choose all that apply)
A. By configuring a new GPO containing the relevant settings in the interactive logon section.
B. By configuring the appropriate changes to the default Domain Policy containing the relevant
settints in the interactive logon section.
C. By generating a system policy file, named Ntconfig.pol, and configuring it with the applicable
settings.
D. By using Replication Monitor to force replication
E. By linking the GPO to the ABC.com domain.
F. By adding a copy of the Ntconfig.pol file in the correct folder on the server.
G. By running the repadmin command on a domain controller in the Dallas site.
Answer: A,C,E,F
Explanation: We need to configure a GPO to display the logon message that will apply to the
Windows 2000 and Windows XP clients. We need to configure a system policy to display the
logon message that will apply to the Windows NT clients.
This policy is created with System policies and the System Policy Editor, System policies are used
by network administrators to configure and control individual users and their computers.
Administrators use POLEDIT.EXE to set Windows NT profiles that are either network- or userbased.
Using this application, you can create policies, which are either local or network-driven,
that can affect Registry settings for both hardware and users. The file created to apply the policy is
named NTConfig.pol.
Reference:
Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70-294);
Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory
Infrastructure, Microsoft Press, Redmond, Washington, 2004, pp. 10-3 to 10-12, 10-16 to 10-20
Q: 27
The ABC.com network has a domain named ABC.com. All servers on the ABC.com network have
Windows Server 2003 installed.
You are preparing to set up ten Windows XP Professional workstations in a kiosk for ABC.com
these workstations are to be for the exclusive use of customers to browse public Web sites, and
must therefore only have a Web browser application installed.
The kiosk computers must be joined to the domain. You then create a new organizational unit
(OU), named CustomerWorkstations, and add the ten computer accounts to it. You configure each
workstation to automatically log on at start up using a user account, named Customer, which does
not have any administrative rights.
Your next task is to set up the kiosk computers to only access public Web sites.
Which combination of the following actions should you take to accomplish the task without
affecting any other users and computers on the ABC.com network? (Choose all that apply)
A. Set up a new Group Policy object (GPO) and link it to the ABC.com domain.
B. Set up a new Group Policy object (GPO) and link it to the CustomerWorkstations OU.
C. Set up the GPO so that it contains a Public Groups policy which places all users in the local
Guests group of each of the ten Windows XP Professional workstations.
D. Set up the new GPO to have loopback mode enbled in the computer settings.
E. Set up the new GPO to have the user settings allow only Internet Explorer to run.
F. Set up the new GPO be applicable to the Customer account exclusively.
Answer: A,E,F
Explanation: The computers are configured to automatically log on the Public User account each
time the computers start. We can configure a GPO to allow only Internet Explorer to run. We can
link the GPO to the domain and use security permissions to ensure that the policy applies only to
the Public User account. This will ensure that the GPO only affects the restricted computers.
The restricted computers are in the Public Computers OU. Therefore, another solution would be to
link the GPO to the Public Computers OU, therefore ensuring that no other computers are affected
by the GPO. Although the Internet Explorer settings are in the user part of a GPO, and this
solution applies the GPO to computers (not users), we can apply the user settings to the Public
User account by using loopback mode.
For loopback processing, you can choose whether to replace or merge user-specific policy. The
replace mode replaces all of a user’s normal policy settings with those defined in the user
configuration of the GPOs that apply to the computer object (the loopback settings). Merge mode
merges the user’s normal policy settings and the loopback settings. In the case where a policy
item in the user’s normal policy conflicts with the loopback settings, the loopback settings are
applied.
Reference:
Mark Minasi, Christa Anderson, Michele Beveridge, C.A. Callahan & Lisa Justice, Mastering
Windows Server 2003, Sybex Inc. Alameda, 2003, p. 784
Q: 28
The ABC.com network has a domain named ABC.com. All servers on the ABC.com network have
Windows Server 2003 installed and all workstations have Windows XP Professional installed.
ABC.com makes use of an OU named MemberServers to store all computer accounts of member
servers and an OU named ABCUsers used to store all user accounts.
The Development division servers store confidential development records. Development division
users use local user accounts on the Development division servers.
ABC.com has recently updated the security policy for the development servers, which has resulted
in you having to modify the account lockout and password settings.
Which combination of the following actions should be taken to achieve this goal with the least
mount of administrative effort?
A. A new OU should be set up under the Servers OU, and the development servers must be
added to it.
B. A new OU should be set up under the ABCUsers OU, and the development user accounts must
be added to it.
C. A new domain should be set up under the ABC.com domain, and the development servers
must be added to it.
D. A Group Policy object (GPO) should be set up that contains the account lockout and password
settings.
E. A Group Policy object (GPO) that contains the account lockout and password settings should
be set up.
F. The GPO should be linked to the new OU.
G. You should link the GPO to the new domain.
Answer: A,D,F
Explanation: We need to move the records servers to a new OU to that we can easily apply
settings to them by using a GPO. Account lockout and password settings for domain user
accounts must be applied at domain level. However, for this question, we need to configure the
account lockout and password settings for the local user accounts. We can do this by linking a
GPO to an OU containing the records servers.
Reference:
Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70-294);
Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory
Infrastructure, Microsoft Press, Redmond, Washington, 2004, pp. 6-3 to 6-9, 10-20
Q: 29
The ABC.com network consists of two companies named Research.com and ABC.com. The
network has a forest that is made of two domains named ABC.com and research.com. The
ABC.com domain has two child domains named us.ABC.com and uk.ABC.com. The functional
level of the forest is set at Windows Server 2003.
ABC.com has configured their Directory Services object with the default settings and the ABC.com
forest has 12000 objects, which are modified on a regular basis.
You must make sure that your backup solution will allow for the restore Active Directory objects in
the uk.ABC.com domain using backups that were performed up to four months ago.
Which of the following utilities could you use in this scenario? (Choose TWO.)
A. ADSIEdit
B. Ntdsutil
C. nbtstat
D. Ldp
E. Netstat
Answer: A,D
Explanation: We need to edit a property of Active Directory. We can use a low level editor, such
as AdsiEdit and ldp, to do this. AdsiEdit is a Microsoft Management Console (MMC) snap-in that
acts as a low-level editor for the Active Directory service. It provides a means to add, delete, and
move objects within the Directory Services. The attributes of each object can be viewed, changed,
and deleted. The ldp is a graphical tool that allows users to perform Lightweight Directory Access
Protocol (LDAP) operations, such as connect, bind, search, modify, add, and delete, against any
LDAP-compatible directory, such as Active Directory. LDAP is an Internet-standard wire protocol
used by Active Directory.
Reference:
http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/
Q216/9/93.ASP&NoWebContent=1
Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70-294);
Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory
Infrastructure, Microsoft Press, Redmond, Washington, 2004, pp. 3-11, 4-21
Q: 30
The ABC.com network has a domain named ABC.com.
ABC.com is made up of four divisions named Sales, Marketing, Finance and Research. An
organizational unit (OU) named Finance contains the file servers, user accounts and groups of the
Finance division. Adminsitrators of the Finance division have to connect to the file servers to
perform administrative duties. Each file server has a local group named Finance Admins, which
provides them with the necessary permissions to fulfill their administrative responsibilities.
A new ABC.com security policy requires that only the user accounts for managers in the Finance
division must be allowed memebership of the Finance Admins group.
How can you provider maximum security for Finance Admins group membership?
A. You have to configure a new Restricted Group GPO for each Finance Admins group.
B. You have to create a universal group named Finance Admins and add the user accounts for
finance managers to it.
C. You should link the GPO to the Finance OU.
D. You should add the file servers to the Finance OU.
Answer: A
Explanation: Given the organization structure of the company and the security concerns, the way
to ensure that membership of the Finance Admins group in each file servers is as secure as
possible, you need to place restrictions on the group membership by creating a GPO that
configures restricted groups for each Finance Managers group and link this GPO to the Finance
OU.
Reference:
Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70-294);
Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory
Infrastructure, Microsoft Press, Redmond, Washington, 2004, p. 8: 6
Q: 31
The ABC.com network has a domain named ABC.com. All servers on the ABC.com network have
Windows Server 2003 installed and all workstations have Windows XP Professional installed.
ABC.com is made up of four divisions named Sales, Marketing, Finance and Research. ABC.com
has a file server named ABC-SR12 that stores files for the Research division.
You must deploy the Remote Administration Tools software package to the network
administrators. The network administrators belongs an OU named ABC_Admin. You then place an
.msi file into a shared folder named ABC_Share on ABC-SR12. You also create a GPO named
ABC_GPO. You then use a software installation policy to deploy the package. You then link the
ABC_GPO to the NetAdmin OU, which contains the workstations and the network administrators.
You then received complaints from the network administrators that they do not have the Remote
Administration Tools on their workstations. You also notice that the package is not available on
your computer. You then go through the event log and notice that the application failed to install
because the source could not be found.
Which of the following actions should you take to make sure that the package is deployed to the
network administrators?
A. To ensure that the package is correctly deployed you need to specify ABC-SR12\ABC_Share
as the default package location in the Computer Configuration\Software installation node in
ABC_GPO.
B. Your best option would be to permit the Authenticated Users group Allow – Read permissions
for ABC-SR12\TestShare.
C. You can accomplish this by reconfiguring ABC_GPO.
D. Your first step would be to remove the first software installation policy in ABC_GPO.
Thereafter you will be able to create an additional software installation policy that will assign the
package.
Answer: B
Explanation: If you want to install the package you need to make use of an appropriate .msi file. It
will also be required of you to permit the Authenticated Users group Allow – Read permissions for
ABC-SR12\TestShare.
Q: 32
You work as the network administrator at ABC.com. The ABC.com network has a domain named
ABC.com. ABC.com has its head office in London, and branch offices in Manchester and Leeds.
These offices are configured as separate sites that host all ABC.com’s domain controllers.
The ABC.com domain contains an organizational unit (OU) named Finance, which contains two
child OUs named Paid and Outstanding.
You have received instruction from the CIO to have the Windows Update service disabled on all
workstations in the domain. However, workstations in the Finance OU must continue to have the
Windows Update service installed.
Which combination of the following actions should you take and still make use of the least amount
of Group Policy objects (GPOs)? (Choose all that apply)
A. By setting up a new GPO specified to disable Windows Update under the User Configuration
section of the GPO.
B. By setting up a new GPO specified to disable Windows Update under the Computer
Configuration section of the GPO.
C. By linking the GPO to the ABC.com domain.
D. By linking the GPO to the London, Manchester and Leeds sites.
E. By enabling Block Policy inheritance on the Finance OU.
F. By enabling No Override on the GPO.
Answer: A,C,E
Explanation: You want to Windows update to run only on workstations in the Finance OU. To do
this you must create two GPOs: one for the domain and one for the Finance OU. Configure the
domain GPO to disable Windows Update and block policy inheritance on the GPO for the Finance
OU. Windows Update is enabled by default so blocking inheritance will ensure that it is still applied
to the Finance OU.
Reference:
Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70-294);
Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory
Infrastructure, Microsoft Press, Redmond, Washington, 2004, pp. 10-40 to 10-41
Q: 33
The ABC.com network has a domain named ABC.com. ABC.com is made up of three divisions
named Sales, Marketing and Finance. ABC.com has an organizational unit named after each
division. The Finance OU hosts two child OUs named Products and Research.
Management wants you to install a finance application to the user accounts in the Finance, as well
as the Research OU.
It is important that the application is not installed for users that are members of the Products OU.
You have to ensure that a visual application is installed for members of the Products OU only.
You must design a Group Policy Object (GPO) solution to meet the requirements.
Which of the following actions should you take FIRST?
A. You should set up a new GPO named ABCDistribution specified to deploy both the finance and
the visual applications, and link it to the Finance OU.
B. You should set up a new GPO named ABCFinance specified to deploy the finance application,
and link it to the Finance OU.
C. You should set up a new GPO named ABCVisual specified to deploy the visual application, and
link it to the Finance OU.
D. You should set up a new GPO named ABCVisual sepcified to deploy the visual application, and
link it to the Products OU.
Answer: B
Q: 34
The ABC.com network has a domain named ABC.com. All servers on the ABC.com network have
Windows Server 2003 installed and all workstations have Windows XP Professional installed. The
functional level of the domain is set at Windows 2000 native.
ABC.com has recently purchased 20 new servers to accommodate the rapid growth that the
company experienced. These new servers will be used for deploying a new application. You must
create a new organizational unit (OU) named R&D, which will be used to store the required
resources for the new application. The global group named AdminGlobal will be responsible for
allowing access to the application servers only. You must enable AdminGlobal to assign
permissions for application servers.
Which combination of the following actions should you take to make sure that you adhere to the
principle of least privilege? (Choose two)
A. You should have a Group Policy object (GPO) created for restricted groups that specifies the
AdminGlobal group as a member of the Power Users on each application server, and then link it to
R&D OU.
B. You should add the AdminGlobal group to a security group.
C. You should set up a Domain Local security group, and configure it to allow suitable access to
the application servers.
D. You should assign the AdminGlobal group permission to add or remove members from the
Domain Local security group.
E. You should make the AdminGlobal group the Server Operators group.
Answer: C,D
Explanation: The ABC.com server access team needs to grant various types of access to the
servers therefore we need to place them in a security group. This would need to be a domain local
group
Reference:
Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70-294);
Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory
Infrastructure, Microsoft Press, Redmond, Washington, 2004, pp. 10-4 to 10-12, 10-15 to 10-19,
10-24 to 10-28.
Q: 35
All servers on the ABC.com network have Windows Server 2003 installed. A domain controller
named ABC-DC01 is configured as an enterprise root certification authority (CA).
An existing ABC.com security policy stipulates that all connections to external computers must
make use of IPSec for secure connections. Furthermore, this means that all IPSec connections
must have a computer certificate.
Which of the following actions should you take to make sure that all ABC.com’s computers adhere
to the security policy?
A. You should automatically issue user certificates from your enterprise CA to all users on the
ABC.com network by using a GPO. Then you can import the root CA certificate of a partner
company into the Trusted Root Certification Authorities user certificate store.
B. Navigate to the computer settings section to set up a new automatic certificate request in the
Default Domain Policy Group Policy object (GPO).
C. You should acquire a computer certificate from a commercial CA and then save it into the
Personal computer certificate store on all ABC.com computers.
D. You should acquire a user certificate from a commercial CA to digitally encrypt all
communications that occur to and from all ABC.com computers.
Answer: B
Explanation: Each computer must have a unique, computer specific, certificate for IPSec. The
certificate contains the hostname of the computer. The answer is to create a new automatic
certificate request in the computer settings section of the Default Domain Policy Group Policy
object (GPO). The automatic request will allow the computer to get a unique certificate that has
the hostname of the computer, which will work for IPSec.
Reference:
J. C. Mackin, Ian McLean, MCSA/MCSE self-paced training kit (exam 70-291): Implementing,
Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure, Microsoft
Press, Redmond, Washington, 2004, p.11: 88
James Chellis, Paul Robichaux, and Matthew Sheltz, MCSA/MCSE: Windows Server 2003
Network Infrastructure Implementation, Management, and Maintenance Study Guide, Sybex Inc.,
Alameda, 2004, p. 11: 15
Michael Cross, Jeffery A. Martin, Todd A. Walls, Martin Grasdal, Debra Littlejohn Shinder & Dr.
Thomas W. Shinder, MCSE: Exam 70-294: Planning, Implementing, and Maintaining a Windows
Server 2003 Active Directory Infrastructure Study Guide & DVD Training System, Syngress
Publishing, Rockland, MA, 2003, Chapter 9, p. 612
Q: 36
The ABC.com network has a domain named ABC.com. All servers in the ABC.com domain run
Windows Server 2003. Your job description involves the planning of the domain structure for
ABC.com.
You must create a new child domain in the ABC.com domain. To this end you deploy a new
Windows server 2003 computer named ABC-SR10 on the network. Then you check for successful
communication with the other computers on the ABC.com network.
You then decide to make use of Active Directory Installation Wizard to create the new child
domain. You navigate to the location in which you want to deploy the first domain controller. You
then get prompted to specify a user account from the parent domain. However, your efforts fail
and the promotion of ABC-SR10 to a domain controller comes to naught. Instead you receive an
error message that states that no domain controllers for the parent domain can be found.
Which of the following actions should you take to rectify the error in the child domain that prevents
you from promoting the server to a domain controller?
A. For the purpose of name resolution, ABC-SR10 should be configured to use another DNS
server.
B. ABC-SR10 should be configured to make use of another WINS server for the purpose of name
resolution.
C. To rectify the error the Active Directory Installation Wizard should be run again.
When prompted you need to specify a user account that enjoys Schema Admins group
membership.
D. Prior to joining ABC-SR10 to the ABC.com domain, you need to run the Active Directory
Installation Wizard yet again.
Answer: A
Explanation: Windows Server 2003 operating system makes use of DNS as the locator service.
This is to locate the domain controllers on the network. Currently the problem here arises because
ABC-SR10 is unable to locate domain controllers for ABC.com. This means that the DNS client on
ABC-SR10 is not configured to use a DNS server that can locate the domain controllers. The
scenario states that ABC-SR10 can communicate successfully with the other computers on the
network. It makes use of NetBIOS over TCP/IP to use WINS server or b-node broadcasts for the
purpose of name resolution. However, ABC-SR10 is configured with Windows Server 2003; you
should configure it to use a DNS server that is authoritative for ABC.com and then run the Active
Directory Installation Wizard again.
Q: 37
The ABC.com network has a domain named ABC.com. All servers on the ABC.com network have
Windows Server 2003 installed.
ABC.com has its headquarters in Chicago and offices in Dallas and Miami. The ABC.com domain
has an organizational unit (OU) configured for the Dallas and Miami offices. ABC.com resources
are governed by means of Group Policy objects (GPOs) linked to these OUs.
The Dallas and Miami office OU’s are further organized to each include an OU named Users and
an OU named Desktops. User accounts are located in the Users OU and computer accounts are
located in the Desktops OU. Both the Dallas and Miami office has a designated manager for
desktop and manager support for their respective office.
One morning you notice that the volume of support calls for the ABC.com branch office managers
have increased. You discover that there are users who are modifying their workstations. This
proves to be an untenable situation.
How can you configure a new restrictive GPO that will immediately prevent all users other than the
designated managers from using administrative tools and desktop features?
A. By linking the GPO to the Desktops OU of Dallas and Miami offices.
B. By linking the GPO to the Users OU of Dallas and Miami offices.
C. By placing the branch administrative user’s computer accounts in a new OU under Dallas and
Maimi Desktops OU.
D. By placing Miami and Dallas office’s administrative user’s account in a new OU under its
respective Users OU.
E. By applying an appropriate filter to include the user accounts of the Dallas and Miami managers
from being affected by the GPO.
F. By applying an appropriate filter to exclude the user accounts of Dalls and Miami managers
from being affected by the GPO.
Answer: B,F
Explanation: We need to restrict desktop features and administrative tools for all users other than
the administrative user in each branch office. We have already created a GPO that applies the
desktop restrictions. We now need to link the GPO to each branch office’s Users OU which
contains all user accounts for the branch. We can ensure that this GPO doesn’t apply to the
administrator by assigning the Deny –Apply Group policy to the administrator account in each
branch.
Reference:
Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70-294);
Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory
Infrastructure, Microsoft Press, Redmond, Washington, 2004, pp. 10-40 to 10-41
Q: 38
The ABC.com network has a domain named ABC.com.
ABC.com has an organizational unit, named ABCData, which hosts numerous computer accounts.
ABC.com also has a Group Policy Object linked to the domain, named ABCSec, which is
configured to enable security settings.
How can you apply these security settings computer accounts hosted in theABCData OU with the
least amount of GPO links without affecting any other computer accounts?
A. You should change the discretionary access control list (DACL) for ABCSec.
B. You should disable the User Configuration section of ABCSec.
C. You should link ABCSec to ABCData.
D. You should remove the link from ABCSec to the domain.
E. You should assign the computer accounts in the ABCData OU the Allow - Read and the Allow -
Apply Group Policy permissions.
Answer: C
Q: 39
The ABC.com network has a domain named ABC.com. All servers on the ABC.com network have
Windows Server 2003 installed and all workstations have Windows XP Professional installed.
ABC.com has its headquarters in Atlanta and a branch office in Georgia. These offices are
configured as separate sites.
ABC.com has a dedicated WAN link, as well as a site link that connects Atlanta and Georgia. All
domain controllers are located in the Atlanta site.
You receive instruction to redirect the My Documents folder of all ABC.com users. You use a
Group Policy object (GPO) to perform the redirection and link it to the domain. ABC.com users in
Atlanta report that their folders have been effectively redirected. ABC.com users in Georgia,
however, report that their folders are not being redirected.
Which of the following actions should you take rectify this problem?
A. Edit the GPO, enable the User Group Policy loopback processing mode policy, choose replace,
and define the required policy settings.
B. Edit the GPO, enable the User Group Policy loopback processing mode policy, choose merge
mode, and define the required policy settings.
C. Link the GPO to Atlanta and to Georgia rather than the domain.
D. Disable Group Policy slow link detection in a new GPO that is linked to Georgia.
Answer: D
Explanation: The users in Georgia receive their GPOs from domain controllers in Atlanta. The
bandwidth of the link between the two sites is less than 500Kbps which is the ‘slow link’ threshold.
Therefore, if slow link detection is enabled, the policy won’t apply. To apply the policy to users in
Georgia, we need to disable slow link detection.
Reference:
Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70-294);
Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory
Infrastructure, Microsoft Press, Redmond, Washington, 2004, pp. 11-28 to 11-48
Q: 40
The ABC.com network has a forest that contains numerous domains spread across several sites.
All servers on the ABC.com network have Windows Server 2003 installed and all workstations
have Windows XP Professional installed.
After certain users in a remote site reports that the logon process took longer than normal when
they logged on in the morning, you investigate this phenomenon and detect that you are unable to
execute administrative tasks on the domain controller named ABC-DC10 remotely. This domain
controller is located in the same site as the users who sent in the report. You ask a fellow
administrator named Andy Booth, who is stationed at that site, to log on to ABC-DC10 interactively
to verify its functionality. Andy Booth reports that the ABC-DC10 seems to be operating as it
should.
You have received instruction from the CIO to ensure that you are able to administer ABC-DC10
remotely.
Which of the following actions should you take?
A. Your first step should be to change the replication interval for the site link that connects the
remote site to your site to a lower value.
B. On ABC-DC10 you need to ensure that the Net Logon service is restarted.
C. Your best option is to make sure that replication is forced between ABC-DC10 and another
domain controller in the same domain.
D. You should consider enabling NetBIOS over TCP/IP on ABC-DC10.
Answer: B
Explanation: The Net Logon service on domain controllers is responsible for registering and
periodically refreshing their locator records. This is the DNS SRV resource record and host (A)
record. Since you are able to access shared resources on ABC-DC10 by its host name the A
record for ABC-DC10 is therefore correct. You are, however, unable to locate ABC-DC10 as a
domain controller. This is an indication that the SRV record for ABC-DC10 is either missing or
corrupt. You should, therefore, restart the Net Logon service on ABC-DC10 in order to force it to
refresh its locator records in DNS.
Q: 41
The ABC.com network has a forest with a forest root domain named ABC.com and two child
domains named north.ABC.com and south.ABC.com. The functional level of the forest is set at
Windows 2000 and the functional level of all three domains is set at Windows 2000 native. All
domain controllers run Windows 2000 Server.
You have administrative privileges in the north.ABC.com domain. Your user account is included in
the Schema Admins, Domain Admins, and Domain Users security groups.
Which of the following actions should you take to update the schema and configuration partitions
in Active Directory?
A. Execute the adprep.exe command with the /forestprep parameter for the ABC.com domain on
the PDC emulator.
B. Restart the schema master in Directory Services Restore Mode before executing the
adprep.exe command with the /forestprep parameter.
C. Make sure that your user account is a member of the Enterprise Admins security group before
executing the adprep.exe command with the /forestprep parameter on the schema master.
D. Execute the adprep.exe command with the /domain prep parameterfor the ABC.com domain on
the PDC emulator.
E. In each domain in the forest, execute the adprep.exe command with the /domainprep
parameter on the infrastructure master.
Answer: C
Explanation: ForestPrep updates the schema and configuration partitions in Active Directory,
therefore the account used to run ForestPrep must be a member of the Schema Admins and
Enterprise Admins security groups.
Reference:
Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70-294);
Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory
Infrastructure, Microsoft Press, Redmond, Washington, 2004, p. 3-5.
MS Press: MCSE Self-Paced Training Kit (Exam 70-284); Implementing, and Managing Microsoft
Exchange Server 2003, 2004, p 2-12 to 2-15
Q: 42
The ABC.com network has a domain named ABC.com. All servers on the ABC.com network have
Windows Server 2003 installed and all workstations have Windows XP Professional installed.
ABC.com recently entered into partnership with Weyland Industries. The Weyland Industries
network users access resources located in the ABC.com domain. You must prepare to place the
Weyland Industries computer accounts in an organizational unit (OU) named WeyUsers. ABC.com
and Weyland Industries wants you to ensure that the workstations are always updated when
Microsoft Update releases new security hotfixes and service packs.
Which of the following actions should you take? (Choose all that apply)
A. You should add Weyland Industries network users to a global group.
B. You should add Weyland Industries network users to a universal group.
C. You should configure a new Group Policy object (GPO) which configures the client computers
to automatically download and install updates from Microsoft update servers from the Internet.
D. You should link the new GPO to the WeyUsers OU.
E. You should link the new GPO to the ABC.com domain.
Answer: B,D
Explanation: To ensure that computers download and install the updates, we must configure a
GPO to download and apply the updates either from the Microsoft updates server, or from the
internal server on which you install and configure Software Update Services. The GPO must apply
to only client computers as administrators will manually update server computers as required. All
client computers are in the WeyUsers OU therefore we should link the GPO to the OU.
Reference:
Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70-294);
Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory
Infrastructure, Microsoft Press, Redmond, Washington, 2004, pp. 10-40 to 10-41
Dan Holme and Orin Thomas, MCSA/MCSE Self-Paced Training Kit (Exam 70-290): Managing
and Maintaining a Microsoft Windows Server 2003 Environment, Microsoft Press, Redmond,
Washington, 2004, pp. 9-14 to 9-16
Q: 43
The ABC.com network has a forest named ABC.com, which has a single domain named
uk.ABC.com.
ABC.com recently entered into partnership with Weyland Industries. The Weyland Industries
network users access resources in the uk.ABC.com domain.
Consequently ABC.com has introduced a new security polcy that requires all the Weyland
Industries user accounts that exists in uk.ABC.com to make use of secure password protection.
Which of the following actions should you take to make sure that the new policy is enforced?
A. You should have the Default Domain Policy GPO of the uk.ABC.com domain modified to put
the Password must meet complexity requirements policy into effect.
B. You should make use of a GPO to set up the Password must meet complexity requirements
policy, and then have the GPO linked to the forest.
C. You should have the Weyland Industries users added to a universal group and make use of a
GPO to set up the Password must meet complexity requirements policy, and then have the GPO
linked to the uk.ABC.com domain.
D. You should have the Weyland Industries users added to a global group and then use a GPO to
set up the Password must meet complexity requirements policy, and then have the GPO linked to
the uk.ABC.com forest.
Answer: A
Explanation: GPOs are applied at the level at which they are linked. The password policy must be
configured at the domain level if it is to be applied to the domain. Therefore we must link the GPO
at the domain level.
Reference:
Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70-294);
Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory
Infrastructure, Microsoft Press, Redmond, Washington, 2004, pp. 10-41 to 10-42
Q: 44
The ABC.com network has a domain named ABC.com. ABC.com has recently decided to place all
the network domain controllers in an organizational unit (OU) named KingServers.
ABC.com recently entered into partnership with Weyland Industries and added the Weyland
Industries computers, which are stand-alone servers, to an organizational unit (OU) named
WeyServers.
During the course of the day you receive instruction from ABC.com to prepare a computer named
ABC-SR01 with the appropriate security settings, which will then be applied to the Weyland
Industries servers.
Which of the following actions should you take? (Choose all that apply)
A. You should consider having the security settings configured on ABC-SR01 exported to a
custom template.
B. You should consider making use of the netsh dump command on ABC-SR01 to create a script.
C. You should consider making use of the netsh show config command on ABC-SR01 to create a
script.
D. You should consider making use of the netsh set config command on ABC-SR01 to create a
script.
E. You should then have a Group Policy Object (GPO) created which uses the script, and link it to
the KingServers OU.
F. You should then have a Group Policy Object (GPO) created to import the settings from the
custom template, and then link it to the WeyServers OU.
Answer: A,F
Explanation: You need to apply the settings to all servers that are not domain controllers. All
these servers are in the WeyServers OU and you have applied the security settings to ABC-SR01.
All you need to do now is export the settings to a custom template and import to a GPO that is
linked to the WeyServers OU.
Reference:
Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70-294);
Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory
Infrastructure, Microsoft Press, Redmond, Washington, 2004, pp. 10-40 to 10-41, 13-57 to 13-62
Q: 45
You work as the network administrator at ABC.com. The ABC.com network has a domain named
ABC.com. All servers on the ABC.com network have Windows Server 2003 installed and all
workstations have Windows XP Professional installed.
ABC.com recently entered into partnership with Weyland Industries whose network users
consequently have access to a file server, as well as receive and send e-mail via the ABC.com
domain. The Weyland Industries workstations are configured with the same settings. ABC.com
introduces a new security policy that requires the Weyland Industries network users being
prevented from installing additional files and modifying their desktop settings.
Which combination of the following actions should you take to make sure that that the security
policy requirements are suitably met? (Choose two)
A. You should add the Weyland Industries network users to a universal group named WeyUsers.
B. You should add the Weyland Industries network users to an organizational unit (OU) named
WeyUsers.
C. You should add the Weyland Industries network users to a global group named WeyUsers.
D. You should apply the restrictive security policy by means of a Group Policy Object (GPO) that is
configured accordingly and linked to the WeyUsers OU.
E. You should have a Group Policy Object (GPO) set up that specifies the required restrictions in
the User Configuration section which will be linked to the WeyUsers OU.
F. You should have a Group Policy Object (GPO) set up that specifies the required restrictions in
the User Configuration section which will be linked to the domain.
Answer: B,E
Explanation: To restrict processing department users from running certain files and changing
their desktops, we need to configure the required restrictions in a GPO and have it applied to all
processing department users. This can be achieved by placing all processing department users in
an OU and applying the GPO to that OU.
Reference:
Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70-294);
Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory
Infrastructure, Microsoft Press, Redmond, Washington, 2004, pp. 10-16 to 10-20, 10-40 to 10-41
Q: 46
The ABC.com network has a forest named ABC.com and two domains named us.ABC.com and
uk.ABC.com. The forest operates in a Windows 2000 native functional level. All servers on the
ABC.com network have Windows 2000 Server Service Pack 4 (SP4) installed and all workstations
have Windows XP Professional installed. ABC.com currently makes use of a computer named
ABC-DC01, which is configured as a domain controller.
You are preparing to uABCrade the forest functional level to Windows Server 2003. Thus you
remove ABC-DC01 from the domain to uABCrade the remaining servers to Windows Server 2003.
During the course of the day you receive instruction from ABC.com to redeploy ABC-DC01 as a
supplementary domain controller in the us.ABC.com domain.
You have started by executing the dcpromo /forceremoval command to demote ABC-DC01 to a
member server.
Which of the following actions should you take NEXT?
A. You should open Active Directory Users and Computers to add a computer account for ABCDC01
in the uk.ABC.com domain.
B. You should install Windows Server 2003 on ABC-DC01 prior to executing the dcpromo
command which promotes ABC-DC01 to be a new domain controller on the us.ABC.com domain.
C. You should open Active Directory Users and Computers to add a computer account for ABCDC01
in the us.ABC.com domain.
D. You should install Windows Server 2003 on ABC-DC01 prior to executing the dcpromo
command which promotes ABC-DC01 to be a new domain controller on the uk.ABC.com domain.
Answer: B
Explanation: Once the forest functional level is raised to Windows Server 2003, you cannot add a
Windows 2000 domain controller to the forest. We would need to uABCrade the Windows 2000
domain controller to Windows Server 2003. However, we must first demote the Windows 2000
domain controller and then uABCrade it to Windows Server 2003. Add it to the network and then
promote it.
Reference:
Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70-294);
Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory
Infrastructure, Microsoft Press, Redmond, Washington, 2004, pp. 4-24 to 4-37
Q: 47
The ABC.com network has a forest that contains a single domain named ABC.com. The functional
level of the domain is set at Windows Server 2003. All servers on the ABC.com network have
Windows Server 2003 installed and all workstations have Windows XP Professional installed. A
server named ABC-SR01 is used to store files.
ABC.com recently entered into partnership with Weyland Industries. The Weyland Industries
network is named weyland.com and its functional level is set at Windows NT 4.0. Due to the
partnership all Weyland Industries network users will also save their documents and files to ABCSR01.
You must thus make sure that the files on ABC-SR01 are accessible to the Weyland Industries
network users without allowing any Weyland Industries administrators the ability to assign
permissions for servers in the weyland.com domain to network users in the ABC.com domain.
How can you achieve the above tasks?
A. You should consider employing the netdom command utility to set up a temporary two-way
realm trust relationship where the ABC.com domain trusts the weyland.com domain.
B. You should consider employing the netdom command utility to set up a one-way external realm
relationship where the ABC.com domain trusts the weyland.com domain.
C. You should consider employing the netdom command utility to set up a one-way external trust
relationship where the ABC.com domain trusts the weyland.com domain.
D. You should consider employing the netdom command utility to set up a temporary one-way
external trust relationship where the ABC.com domain trusts the weyland.com domain.
Answer: C
Explanation: Users in the ABC.com domain need to access resources on ABC-SR21in the
ABC.com domain. Users in the ABC.com domain do not need access to resources in the
weyland.com domain. Therefore, we need a one-way external trust relationship in which the
ABC.com domain trusts the weyland.com domain.
Reference:
Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70-294);
Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory
Infrastructure, Microsoft Press, Redmond, Washington, 2004, pp. 4-41 to 4-48
Q: 48
Your company is expanding its single location with five new offices, all in different states. Each
location will have 10 marketing employees or less to supplement the 25 already employed at the
main office. Your security engineer says that all employees will abide by the same company
security policy. They will hire another systems administrator at your office to handle the increased
workload. When asked about how the company’s single-domain Windows Server 2003 Active
Directory will be affected by the expansion, you reply that new servers will have to be installed at
the remote locations. Your manager wants to know what server hardware and software to budget
for. What do you tell him? (Choose one.)
A. Five servers and five copies of Windows Server 2003 Datacenter Edition
B. Five servers and five copies of Windows Server 2003 Standard
C. Ten servers and ten copies of Windows Server 2003 Enterprise Edition
D. Ten servers and ten copies of Windows Server 2003 Standard
Answer: B
Q: 49
You have an OU called Support. You have a GPO called RegEdit. The only setting in the RegEdit
GPO is that the use of the Registry editing tools has been disabled in the User Configuration node.
For performance reasons, the decision has been made to limit the numbers of GPOs that are
processed at logon. The decision has been made to remove the requirement to disable the use of
the Registry editing tools. What should your course of action be to implement the new decisions?
A. Remove the RegEdit GPO from the Support OU.
B. Create a new GPO that enables the use of the Registry editing tools. Apply the new GPO to
the Support OU.
C. Edit the Registry on the computers used by the Support OU that will allow for use of the
Registry editing tools.
D. Configure a local GPO to allow the use of the Registry editing tools. Set the No Override option
to this policy.
Answer: A
Q: 50
You created three OUs for your domain: one called Corp, and two child OUs called Sales and
Tech. You create two GPOs, one called Desktop and the other called Network. The Desktop GPO
specifies the desktop settings for all users. The Network GPO specifies the network and Registry
policies. The Desktop policy prohibits users from being able to change their wallpaper. You first
apply the Desktop GPO to the Corp OU, and then apply the Network GPO to the Corp OU. You
delegated control of the OU to the senior member of the Tech group. Later, the Tech OU manager
modifies the Desktop GPO to allow his users to change their wallpaper. What should you do to
ensure that their changes will not take effect?
A. Nothing, since the GPOs were not applied to the Tech OU, they will not affect the users.
B. You should set No Override on the Tech OU so that its settings are not overridden.
C. You should set No Override on the Corp OU so that its settings are not overridden.
D. You should set Block Inheritance on the Tech OU so that the settings from the parent OU are
not applied to the child OU.
Answer: C
Q: 51
A company uses a single-master domain model, with resource domains for each of its divisions. It
has registered two domains under the names www.dotnetforce.com and www.w3force.com. In this
situation, which Active Directory information will be replicated between DCs in the dotnetforce.com
and the w3force.com domains?
A. Domain-naming context
B. Schema-naming context
C. Configuration-naming context
D. GC
E. SYSVOL
Answer: B,C,D
Q: 52
Steffie, an system administrator, has implemented two sites that are connected by a site link. The
Cost property is set to 100, and the Replicate Every property is set to 50 minutes. How often will
the replication occur?
A. Every 5 minutes
B. Every 50 minutes
C. Every 180 minutes
D. The replication frequency cannot be determined.
Answer: B
Q: 53
Michael is an enterprise administrator for ABC, Inc. He is installing Microsoft Exchange 2000 into
his domain. His domain, ABC.biz, has two sites and one child domain: CA.ABC.biz, a subsidiary in
Sacramento, California. Michael logs on to the domain with his focus on a local DC and as a
member of the Enterprise Admins group. During the Exchange installation, he runs across errors
that restrict him from completing the installation. Which is a possible reason for this problem?
A. Exchange 2000 cannot run on Windows Server 2003 domains because the schemas are
incompatible.
B. The RID FSMO is unavailable.
C. The Domain Naming FSMO is unavailable.
D. Michael must log on as a member of the Schema Admins group.
Answer: D
Q: 54
Heather has been hired to come into your company and install a customized Directory-enabled
application. Only the users in your branch office located in Fresno, California use this application.
Your headquarters is in Santa Rosa, California, and you created a site for each location and set up
directory replication over the slow WAN link to occur only at night. Access between the sites
occurs at that time, but occasionally you allow the sites to connect during the day when a certain
threshold of requests is reached. You create a temporary account for Heather and place the new
account in the Schema Admins group. Heather begins to install the application but soon realizes
that the schema will not let her extend it, as the application requires? Which is a possible reason
for this?
A. She must install the application in Santa Rosa and then set up Terminal Services for the users
in Fresno to access the application remotely.
B. She needs to wait for the schema extension requests to be processed between the two sites.
C. The Schema FSMO is unavailable.
D. The schema can only be extended on the DC that holds the Schema FSMO.
Answer: C
Q: 55
You have a network with a main office and a satellite office. The functional level of your network is
Windows 2000 Native. The satellite office has a DC. The main office has a DC and a GC server.
You encounter a problem with the link between the main office and the satellite office. You are
concerned that users will not be able to log on at the satellite office because they cannot access
the GC. To your surprise, they are still able to log on to the domain. How is this possible?
A. The DC at the branch office could be set to cache Universal Group information, allowing clients
to still log on.
B. The GC isn’t required for logon, simply for searching the directory after you are logged on.
C. The DC at the satellite office is operating in the role of Schema Master and can authenticate
without a GC server.
D. The users are logging on locally and not authenticating to the domain.
Answer: A
Q: 56
You have multiple locations that are part of the Default-First-Site-Name site. These locations are in
Florida, Oregon, and Iowa. You have instituted GC servers at each location. While monitoring your
network, you are noticing a lot of replication traffic between the locations. How can you remedy the
amount of replication traffic and how that traffic is handled?
A. Implement the use of Subnet objects
B. Implement the use of Object classes
C. Implement the use of sites
D. Implement the use of site connectors
Answer: C
Q: 57
You have just set up a Windows Server 2003 Active Directory network, and you want to use group
policies to control user configuration. You have configured local policies on some of the machines
in your domain, and you also want to configure some site and OU policies for more granular
control, but you are concerned about policies at different levels “canceling each other out.”Which
of the following types of GPOs will override settings applied at the domain level? (Choose all that
apply.)
A. Local
B. OU
C. Site
D. Domain
Answer: B
Q: 58
You have been asked to set up a group policy environment in a new Windows Server 2003 Active
Directory network. Your supervisor has asked if local computer settings will override settings
applied in a domain GPO. You explain to him that policies applied later in the processing order
generally take precedence over policies set earlier. In what order are group policies applied?
A. OU policies, domain policies, site policies, local policies
B. Site policies, domain policies, OU policies, local policies
C. Local policies, site policies, domain policies, OU policies
D. Local policies, OU policies, domain policies, site policies
Answer: C
Q: 59
What term describes what happens when a user double-clicks on a file with an associated
extension that launches the installation of a package configured in Group Policy?
A. Folder redirection
B. Document invocation
C. Blocking inheritance
D. No override
Answer: B
Q: 60
Your supervisor asks you how Active Directory knows which transactions have been committed to
the database. You explain that this is tracked in a file known as:
A. Edb.log
B. Ntds.dit
C. Edb.chk
D. Edb00001.log
Answer: C
Q: 61
You are the network administrator for your company. The company's logical network design
consists of a single Active Directory domain. All servers run Windows Server 2003, and all client
computers run Windows XP Professional.
Organizational units (OUs) are created for each department in the domain as shown in the exhibit.
(Click the Exhibit(s) button.) Multiple Group Policy objects (GPOs) are created for and linked to
each OU.
You are considering moving users from the APayables OU into the Acct OU. You are considering
moving computers from the Acct OU into the APayables OU. However, you are concerned that
this action will result in restrictive group policy settings applied to the users and computers after
they are moved. You want to identify any existing policies that may cause disruptions for these
users and computers before performing this operation.
Unfortunately not all computers are turned on and not all users are logged in.
What should you do?
A. From the Acct OU, run Resultant Set of Policies (RSoP) in Logging mode.
B. From the Acct OU, run Resultant Set of Policies (RSoP) in Planning mode.
C. From the APayables OU, run Resultant Set of Policies (RSoP) in Logging mode.
D. From the APayables OU, run Resultant Set of Policies (RSoP) in Planning mode.
Answer: B,D
Q: 62
You are the network administrator for your company. The company's logical network design
consists of a single Active Directory domain. All network servers run Windows Server 2003, and all
network clients run Windows XP Professional.
You are planning on performing some network maintenance that will result in the network being
unavailable to dial-in users next weekend. You want to use group policy to deploy the following
logon banner to provide advance notice of the event to network users:
The network will be unavailable for local or remote access this weekend. Please download any
files on Friday that you will require access to over the weekend. The network will be available 8
A.M. Monday. You create a new Group Policy object (GPO) that will be linked at the domain level
to deploy the logon banner.
You must configure the appropriate policy setting that will deploy the logon banner using the least
amount of administrative effort.
What should you do?
A. Enable the Scripts (Startup/Shutdown) policy and create a script that displays the desired
message text.
B. Enable the Interactive logon: Message text for users attempting to log on policy and define the
desired message text.
C. Enable the Interactive logon: Message title for users attempting to log on policy and define the
desired message text.
D. Enable the Domain controller: Allow server operators to schedule tasks policy, create a batch
file that displays the desired message text, and use Schtasks to run the new batch file.
Answer: B
Q: 63
You are a network administrator of an Active Directory forest named company.com. A business
partner's network consists of another forest named partner.com. The forests are presented in the
following exhibit.
The functional level of both forests is Windows Server 2003. Users in the child1.company.com
domain in your forest need access to resources in the branch2.partner.com domain in the
partner's forest. Administrators in the partner's forest should be able to assign permissions for
resources in branch2.partner.com only to users from child1.company.com. Administrators in your
forest should not be able to assign permissions in their domains to users from the partner's forest.
In cooperation with an administrator of the partner.com forest, you must configure the appropriate
trust relationship.
Which of the following trust relationships should you create?
A. an external trust where the branch2.partner.com domain trusts the child1.company.com
domain
B. an external trust where the child1.company.com domain trusts the branch2.partner.com
domain
C. a forest trust where the partner.com forest trusts the company.com forest
D. a forest trust where the company.com forest trusts the partner.com forest
Answer: A
Q: 64
You are the network administrator for your company. The company's logical network design
consists of a single Active Directory domain. All servers run Windows Server 2003, and all client
computers run Windows XP Professional.
You are using the Ntdsutil utility to authoritatively restore an organizational unit (OU) that was
mistakenly deleted.
The deleted OU, named Orders, was located in the weconsult.com domain.
Which command should be entered at the authoritative restore prompt to authoritatively restore
the deleted OU?
A. ntdsutil OU=orders,DC=weconsult,DC=com
B. restore subtree OU=orders,DC=weconsult,DC=com
C. restore database OU=orders,DC=weconsult,DC=com
D. authoritative restore OU=orders,DC=weconsult,DC=com
Answer: B
Q: 65
You are a network administrator for your company. Your corporate network consists of a single
Active Directory domain whose functional level is Windows Server 2003. Different groups of
domain users require different configurations of the same applications that will be hosted on an
application server in the domain. You must configure the appropriate COM+ partitions and assign
access to the appropriate users.
Which of the following should you do? Select all that apply.
A. For each configuration of each application, create a COM+ partition on the application server.
B. For each configuration of each application, create a COM+ partition in Active Directory.
C. Create COM+ partition sets on the application server.
D. Create COM+ partition sets in Active Directory.
E. Assign domain users to the appropriate COM+ partitions on the application server.
F. Assign domain users to the appropriate COM+ partitions in Active Directory.
G. Assign domain users to the appropriate COM+ partition sets on the application server.
H. Assign domain users to the appropriate COM+ partition sets in Active Directory.
Answer: A,B,D,H
Q: 66
You are implementing an Active Directory forest for your company. You install Windows Server
2003 on a computer, name it DC1 and promote it to the first domain controller in a new domain in
a new forest. Then, you install Windows Server 2003 on another computer, name it DC2 and
promote it to an additional domain controller in the existing domain. Now, you want to create a
new domain. You install Windows Server 2003 on a new computer, name it DC3 and start the
Active Directory Installation wizard. You specify that DC3 will be a domain controller in a new
domain in a new domain tree in the existing forest. You receive an error message that indicates
that DC3 cannot be promoted to a domain controller. Your investigation reveals that DC1 has
failed due to a hardware problem. The replacement part necessary to bring DC1 back online will
be delivered within the next few days. However, you must continue the deployment of Active
Directory immediately, and you must promote DC3 to a domain controller in a new domain.
Which of the following should you do?
A. Promote DC3 to a domain controller in a new child domain.
B. Join DC3 to the existing domain and then promote it to a domain controller in a new tree-root
domain.
C. Promote DC3 to an additional domain controller in the existing domain and then join it to a new
tree-root domain.
D. Configure DC2 to hold all operations master roles and then promote DC3 to a new domain
controller in a new tree-root domain.
Answer: D
Q: 67
Your company consists of the central office and two branch offices. Your corporate network
consists of a single Active Directory domain that spans three sites. One site is configured for each
of the offices. The warehouse and the Sales department are located in the central office. The IT
personnel at the central office should have the authority to manage all user and computer objects
in the domain. Local IT administrators at each of the two branch offices will manage all users and
computers in their respective sites. Additionally, one IT administrator will manage users and
computers in the warehouse, and another IT administrator will manage users and computers in the
Sales department. You must design an organizational unit (OU) structure that will allow you to
delegate the appropriate level of authority to IT personnel. You should create the minimum
number of OUs.
Which of the following OU structures should you create?
A. A
B. B
C. C
D. D
Answer: A
Q: 68
You administer an Active Directory forest for your company. All servers on your network run
Windows Server 2003. The company's written security policy dictates that all users must log on
only by using smart cards and that administrators should not log on by using their administrative
credentials. The Interactive logon: Smart card removal behavior policy is set to Force Logoff in the
Default Domain Policy Group Policy object (GPO). You must be able to perform various
administrative tasks on any server on the network by using the least administrative effort.
Which of the following should you do?
A. On all servers, install two smart card readers and use a secondary logon to perform
administrative tasks.
B. On your workstation, configure Remote Desktop connections to all servers and disable the
local security policy that forces logoff when a smart card is removed.
C. On your workstation, install two smart card readers and configure Remote Desktop
connections to all servers.
D. On your workstation, install the Windows Server 2003 Administrative Tools pack and use the
Run as command to perform administrative tasks remotely.
Answer: C
Q: 69
You are a network administrator for your company. The corporate network consists of a single
Active Directory domain and three sites that are presented in the following exhibit.
There are two domain controllers in each of the sites, and one domain controller in each site is
designated as a preferred bridgehead server. The network is not fully routed, and the default
bridging of all site links is disabled.
You want changes made to Active Directory in any of the sites to be propagated to the other sites
even if any one domain controller in each site fails.
Which of the following should you do?
A. Bridge the two site links.
B. Create a site link between Site1 and Site3.
C. Designate both domain controllers in Site2 as preferred bridgehead servers.
D. Reconfigure each site so that there are no preferred bridgehead servers.
Answer: D
Q: 70
You want to optimize the performance of write operations and provide fault tolerance to the Active
Directory database on a Windows Server 2003 domain controller. Currently, the data files and
transaction log files are installed at their default locations. You add two RAID devices to the
computer; one device is configured as RAID 1, and the other is configured as RAID 5.
Which of the following should you do? Select two choices. Each correct answer is part of the
solution.
A. Move the data file to the RAID-1 device.
B. Move the data file to the RAID-5 device.
C. Move the transaction logs to the RAID-1 device.
D. Move the transaction logs to the RAID-5 device.
Answer: B,C
Q: 71
You are a network administrator for your company. The corporate network consists of a single
Active Directory domain where all servers run Windows Server 2003 and all client computers run
Windows XP Professional. There is an enterprise root certification authority (CA) on your network.
The company's written security policy dictates that all computers use IPSec for all communications
within the corporate internal network and that all computers use certificates for mutual
authentication. Additionally, all computers must use IPSec for communications with computers on
a partner company's network. The partner company uses its own private root CA.
Which of the following should you do?
A. Obtain a computer certificate from a commercial CA and import it into the Personal computer
certificate store on all computers on your network.
B. Use a GPO to automatically issue computer certificates from your enterprise CA to all
computers on your network and to import the partner's root CA certificate into the Trusted Root
Certification Authorities computer certificate store.
C. Obtain a user certificate from a commercial CA and import it into the Personal user certificate
store on all computers on your network.
D. Use a GPO to automatically issue user certificates from your enterprise CA to all users on your
network and to import the partner's root CA certificate into the Trusted Root Certification
Authorities user certificate store.
Answer: B
Q: 72
You are a network administrator for your company. The corporate network consists of a single
Active Directory domain where all servers run Windows Server 2003 and all client computers run
Windows XP Professional. You are planning to install Software Update Service (SUS) on a server
named SUS1. You want to test updates on specifically designated computers and approve the
appropriate updates before deploying them on the network.
Which of the following should you do?
A. In a GPO, specify SUS1 as the update service location and apply the GPO to computers.
B. In a GPO, specify SUS1 as the update service location and apply the GPO to users.
C. In a GPO, specify that update files be downloaded from SUS1 and apply the GPO to
computers.
D. In a GPO, specify that update files be downloaded from SUS1 and apply the GPO to users.
Answer: A
Q: 73
An employee has retired from the company, and you have just disabled his account so no one can
log on to the domain as this user. When this change is made, where will it be stored in the
directory?
A. Domain partition
B. Configuration partition
C. Schema partition
D. Application partition
Answer: A
Q: 74
Your company’s employees are represented by two unions. Management has a union that
represents the managers’ interests, while others in the company belong to another union. Each
union requires that dues be deducted from paychecks to pay for their representation. The Finance
department has requested that a field be added to each user account, so that a code can be
entered on the account to show which union each employee belongs to. They have asked you to
create this field. When this new attribute has been added to user objects, where will it be stored in
the directory?
A. Domain partition
B. Configuration partition
C. Schema partition
D. Application partition
Answer: C
Q: 75
A RID server has temporarily gone offline. During this time, you seize the RID Master role on
another DC. After the original RID server becomes available again, you are concerned that
duplicate SIDs might now exist for objects in Active Directory. Which of the following tools would
you use to find and delete duplicates?
A. Active Directory Users and Computers
B. MOVETREE
C. WHOAMI
D. NTDSUTIL
Answer: D
Q: 76
You want to use Remote Assistance to help users with problems by connecting to their machine
and taking control of it remotely. When this action is performed, which of the following accounts is
automatically created and used?
A. HelpAssistant
B. Support_388945a0
C. Guest
D. InetOrgPerson
Answer: A
Q: 77
You are a new network administrator for a Windows Server 2003 domain. In making user support
calls, you have noticed that many users are relying on simplistic passwords such as their
children’s or pets’ names. Passwords on the network are set to never expire, so some users have
been using these weak passwords for years. You change the default Group Policy to require
strong passwords. Several weeks later, you notice that the network users are still able to log on
using their weak passwords. What is the most likely reason why the weak passwords are still in
effect?
A. You must force the users to change their passwords before the strong password settings will
take effect.
B. The Group Policy settings have not replicated throughout the network yet.
C. Password policies need to be set at the organizational unit (OU) level, not the domain level.
D. The users reverted back to their passwords the next time they were prompted to change them.
Answer: A
Q: 78
You have created an e-commerce Web application that allows your customers to purchase your
company’s products via the Internet. Management is concerned that customers will not feel
comfortable providing their credit card information over the Internet. What is the most important
step to secure this application so that your customers will feel confident that they are transmitting
their information securely and to the correct Web site?
A. Use IP restrictions so that only your customers’ specific IP addresses can connect to the ecommerce
application.
B. Issue each of your customers a smart card that they can use to authenticate to your ecommerce
Web site.
C. Place your company’s Web server behind a firewall to prevent unauthorized access to
customer information.
D. Install a Secure Sockets Layer (SSL) certificate on your Web server.
Answer: D
Q: 79
What FSMO roles should exist in a child domain in a Windows Server 2003 forest?
(Choose all that apply.)
A. Schema Master
B. Domain Naming Master
C. PDC Emulator
D. RID Master
E. GC
F. Infrastructure Master
Answer: C,D,F
Latest Version: 9.5 Last Update: December, 2012
Need the Latest version of 70-294 Exam Prep Or the other Microsoft Exam Prep, Visit the Cheat-Test.com Official website.
70-294,70-294 exam,70-294 dumps,70-294 study guide,70-294 practice test,Microsoft 70-294
